Hardware vulnerabilities soar amid spread of IoT devices

There’s been an 88 percent increase in hardware vulnerabilities amid a proliferation of IoT devices, and 81 percent of security researchers have encountered new hardware vulnerabilities in the past 12 months.

New attack vectors and often-forgotten targets like APIs and hardware are vulnerable and should be a key focus for CISOs today, according to a new report from crowdsourced security company Bugcrowd. The report shows organizations face growing challenges as applications go through multiple development cycles under pressure to release features quickly, often aided by AI-assisted coding.

“We are in a high-stakes innovation race, but with every AI advance, the security landscape becomes exponentially more complex. Attackers are exploiting this complexity, but still targeting foundational layers like hardware and APIs. No single CISO can win this race alone. To thrive, we must move beyond isolated efforts and cultivate a collective resilience of collaboration -- pooling our knowledge of the hacker community to outpace emerging threats together,” says Nick McKenzie, CISO at Bugcrowd. “This community-driven approach is the only way to stay ahead. We are excited to contribute to this shared goal with our latest edition of Inside the Mind of a CISO.”

Among other findings, there’s been a 32 percent increase in average payouts for critical vulnerabilities and a 36 percent increase in broken access control critical vulnerabilities. In addition, there’s a 42 percent increase in sensitive data exposure critical vulnerabilities and a 10 percent increase in API vulnerabilities as attack surfaces expand.

Commenting on the findings, John Watters, CEO and managing partner at iCOUNTER, says, “CISOs have always known that their near-infinite attack surface and open vulnerabilities presented an insurmountable problem. They realized that there’s no way you can close every hole, patch every vulnerability, or protect against every type of attack. Therefore, most CISOs shifted to simply protecting against known threats, relying on an age of reuse of attack methods and tools. If you were seeing an attack, it was almost always seen somewhere before -- so, intelligence-led security enabled defenders to learn from each other and make sure that they were protected against all known threats. Now, we enter into an age where every attack vector is discoverable and exploitable by new and novel attack methods that have never been used before. Everyone becomes patient zero -- that’s a tough challenge -- one we’re not prepared to address as an industry.”

You can get the full Inside the Mind of a CISO report from the Bugcrowd site.

Image credit: BiancoBlue/Dreamstime.com
